Re: Death of the Internet, Film at 11

[Valdis.Kletnieks () vt edu]

On Tue, 25 Oct 2016 18:54:22 -0500, Larry Sheldon said:

> What is it? 20 years? since the first time I was banned from NANOG for
> saying that the world would be a nicer place if EVERY true router
> refused to forward a packet whose SOURCE could not be reached from the
> port question.  (May not be stated clearly, but idea seems simple
> enough:  If the proposed ICMP message would not be routed to the port
> the packet came from, the best plan is probably to log the event and
> drop the ICMP and the rogue packet on the floor.)

That's not going to work when there's asymmetric routing. Say you get an
inbound packet from eth0 and the routing table says you should send it out on
eth2.  However, it has DF set and eth2 has a smaller MTU, so you need to send
back an ICMP FRAG reply.

Now, do you send it out, or do you create a PMTUD black hole by dropping the
reply because your local table says the source is routed out eth1?

Hint: there's a difference between strict uRPF and loose uRPF.

Attachment: _bin
Description: